This privacy statements explains how personal data (hereinafter referred to as "data") is collected, used, retained and disclosed within our online offering and associated websites, functions and content as well as external online presences. The terms used here, such as "personal data" and its "processing", are used as defined in Art. 4 of the European General Data Protection Regulation (GDPR)

Responsible in accordance with the GDPR:

Address:Dolivostraße 11
Postcode, city, country:64293 Darmstadt, Germany
Commercial register no.:HRB 8383
CEO:Philipp Hasenäcker
Telephone number:06151 92870

Data protection officer

Name:Nadi Sönmez
Address:Dolivostraße 11
Postcode, city, country:64293 Darmstadt, Germany
Telephone number:06151 92870

Changes and updates to the privacy statement

We ask that you read our privacy statement at regular intervals. We will modify the privacy statement as soon as changes to the processing of data carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.
Some PROSTEP AG websites may have their own, possibly different, privacy statement. Please read the privacy statement of each PROSTEP website that you visit.

Security measures

We take appropriate technical and organizational measures to ensure a level of protection commensurate with the risk, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing as well as the varying probabilities of occurrence and severity of the risk to the rights and freedoms of natural persons, pursuant to Art. 32 GDPR. These measures include in particular ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access, input, transmission, security of availability and separation of the data. Furthermore, we have established procedures that guarantee that you can exercise your rights, the deletion of data and an appropriate response to data risks. We also take the protection of personal data into consideration during the development and selection of hardware, software and procedures in accordance with the principle of data protection by design and by default (Art. 25 GDPR)

The security measures include, in particular, the encrypted transmission of data between your browser and our server.

Collecting, processing, using and deleting your personal data

PROSTEP collects, exports and uses personal information to provide you with better service and to better consider your needs and interests. This is done on the basis of this privacy statement and your consent.

When you visit our website, we collect your IP address and use cookies and other Internet technologies to collect general information about you and what is of interest to you.

We also collect and process the information and data that you provide to us voluntarily, e.g. when you register for events, subscribe to newsletters, participate in online surveys, discussion groups or forums.

We use so-called server log files to collect data every time the server on which this service is located is accessed. We do this based on our legitimate interests pursuant to Art. 6 para. 1(f) GDPR. Access data includes the name of the accessed website, file, date and time of access, volume of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Log file information is stored for a maximum of seven days for security reasons (e.g. to investigate misuse or fraud) and then deleted. Data that needs to be stored for a longer period of time for evidentiary purposes will not be deleted until final clarification of the respective incident.

The data we process will be deleted or its processing restricted pursuant to Articles 17 and 18 GDPR. Unless expressly stated in this privacy statement, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and its deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is needed for other legally permissible purposes, its processing will be restricted. This means that the data is blocked and will not be processed for any other purposes. This applies, for example, to data that must be retained for business or tax reasons.

In accordance with statutory requirements, the data will be kept, in particular, for 6 years pursuant to § 257 (1) of the German Commercial Code (HGB) (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years pursuant to § 147 (1) of the German Tax Code (AO) (books, records, management reports, accounting documents, commercial and business letters, documents relevant to taxation, etc.).


The following information is intended to provide you with information about the content of our newsletters, the subscription process, newsletter delivery, statistical analysis and your right to object. By subscribing to our newsletters, you agree to receiving the newsletters and to the described procedures.

Content of the newsletters: We only send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter referred to as "newsletter") with the consent of the recipients or with legal authorization. If, when subscribing to newsletters, the content of the newsletters is described specifically, the content is relevant to your consent. Our newsletters contain information about our products, offers, promotions and our company.

Double opt-in and logging: a "double opt-in" procedure is used when you subscribe to a newsletter. This means that after subscribing, you will receive an e-mail asking for confirmation. This confirmation is needed to ensure that no one can subscribe to newsletter using someone else's e-mail address. Subscription to a newsletter is logged in order to be able to prove that the subscription process complies with legal requirements. This includes storing the time at which you subscribed to the newsletter and the time at which you confirmed subscription as well as the IP address. Changes to your data that is stored with the delivery service provider are also logged.

Subscription data: To subscribe to a newsletter, all you have to do is enter your e-mail address. We also give you the option of entering a name in the newsletter so that the newsletter can be personalized.

Performance measurement: In exceptional cases the newsletters contain a so-called "web-beacon", i.e. a pixel-size file that is retrieved from the delivery service provider's server when a newsletter is opened. Within the scope of this retrieval, technical information such as information about the browser and your system as well as your IP address and the time of retrieval are collected. This information is used to improve the services on the basis of the technical data or the target groups and their reading behavior using their retrieval locations (which can be determined with the help of the IP address) or the time of access. Statistical surveys also include determining whether the newsletters are opened, when they were opened and which links were clicked. Although, for technical reasons, this information can be associated with the individual newsletter recipients, it is not our intention nor that of the delivery service provider to monitor individual users. The surveys enable us to identify the reading habits of our users and to adapt our contents accordingly or to send different content to different users according to what they are interested in.

Delivery of the newsletters and performance measurement are based on the recipients' consent pursuant to Art. 6 para. 1(a) and Art. 7 GDPR in conjunction with § 7 para. 2 no. 3 of the Unfair Competition Act (UWG), or on the basis of legal authorization pursuant to § 7 para. 3 of the Unfair Competition Act.

Logging of the subscription process is performed on the basis of our legitimate interests pursuant to Art. 6 para. 1(f) GDPR and serves as proof of consent to receive the newsletter.

Unsubscribe/Revocation: You can unsubscribe to newsletters at any time, i.e. revoke your consent. You will find a link that you can use to unsubscribe to a newsletter at the end of the respective newsletter. If you have subscribed only to the newsletter and subsequently unsubscribe, your personal data will be deleted.

Participation in an event

By registering for an event, you agree to the processing of your personal data for the purpose of organizing the event in question. The following data is collected during the registration process: first name, last name, title and name of the company/institution.

Your data is processed in accordance with Art. 6 para. 1(f) GDPR based on your consent, which you give by registering for the event.

By registering, you agree that the data provided (first name, last name, title, name of the company/institution) may be included in the list of participants for the event and printed on a name tag. The list of participants is available in printed form to other participants in the event as well as to the speakers and event partners.

Double opt-in and logging: a "double opt-in" procedure is used when you register for our events. This means that after registering, you will receive an e-mail asking you to confirm your registration. This confirmation is needed to ensure that no one can register using someone else's e-mail address. Registrations are logged in order to be able to prove that the registration process complies with legal requirements. This includes storing the time at which you registered for the event and confirmed your registration as well as the IP address. Any changes made to your data, which is stored with the delivery service provider, are also logged.

It may be that photographs are taken and audio or film recordings made during the events and that these are published in various online and offline media. These photographs/recordings are linked to the pictorial representation of persons present. The persons are selected at random. The images are published on the homepage, print and online media. This also applies to events offered in cooperation with third parties.

By entering the event venue, participants agree to the unremunerated publication, in the afore-mentioned manner, and the right to distribute and make available the recorded image, audio and film material in the context of public relations work performed by PROSTEP AG. Individual rights remain protected.

If an individual does not agree to the publication of photographs, audio recordings and film recordings that include their person, we ask that they contact the persons responsible for the events directly.

The relevant personal data will be deleted three years after the event in question was held. In individual cases, we reserve the right to retain photographs, audio recordings and film recordings based on a legitimate interest (in accordance with Art. 6 para. 1(f) GDPR) and for the purpose of documenting the company and/or its history.

Collaboration with processors and third parties

If we disclose data to other persons or companies (processors or third parties) during our processing operation, transmit the data to them or otherwise grant them access to the data, this will only be done on the basis of a legal authorization (e.g. if transmission of the data to third parties, such as payment service providers, is required for the fulfillment of a contract pursuant to Art. 6 Para. 1(b) GDPR ), if you have provided your consent, if a legal obligation provides for this, or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

If we commission third parties with the processing of data within the framework of a so-called "order processing contract", this will be done on the basis of Art. 28 GDPR.

Transfer to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs with the framework of utilizing third-party services or disclosing or transferring data to third parties, this is only done in order to fulfill our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation, or on the basis of our legitimate interests. Subject to legal authorization or contractual permission, we only process the data or have the data processed in a third country if the special requirements pursuant to Art. 44 ff. GDPR apply. This means that processing is carried out, for example, on the basis of special guarantees, such as official recognition a similar level of protection of your personal data to what is required in the EU (e.g. the Privacy Shield scheme in the USA) or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").

Provision of contractual services

We process inventory data (e.g. names and addresses and users' contact data), contract data (e.g., services used, names of contact persons, payment information) in order to fulfill our contractual obligations and provide services pursuant to Art. 6 para. 1(b) GDPR. The entries marked as mandatory on online forms are required for conclusion of the contract.

When registering or re-registering and when using our online services, we will store the IP address and the time of the respective user action. The data is stored on the basis of our legitimate interests and to protect users against misuse or other unauthorized use. This data is not normally passed on to third parties unless it is required to pursue our claims or there is a legal obligation to do so pursuant to Art. 6 para. 1(c) GDPR.

The data will be deleted once statutory warranty or comparable obligations expire. The need to store the data is reviewed every three years. If statutory archiving obligations apply, the data will be deleted once these obligations expire (end of commercial retention obligation (6 years) and end of fiscal retention obligation (10 years)). Details in the customer account will remain until the account is deleted.

Cookies and reach measurement

Cookies are pieces of information that are transferred from our web server or third-party web servers to your web browser and stored for later retrieval. Cookies can be small files or other types of stored information.

We use so-called session cookies, which are only stored on our website for the duration of your visit (e.g. to allow your login status to be stored or to enable the shopping basket function and thus the use of our website). A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. A cookie also contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted once you have finished using our website and log out or close your browser, for example.

In accordance with this privacy statement, you will be notified of the use of other cookies in the context of pseudonymous reach measurement.

If you do not want cookies to be saved on your computers, disable the relevant option in the system settings of your browser. Stored cookies can be deleted in the system settings of the browser. If cookies are disabled, you may not be able to use the full functionality of this website.

You may opt-out of the use of cookies for reach measurement and promotional purposes via the deactivation page of the Network Advertising Initiative ( and additionally the US website ( or the European website (

We use cookies and pixels on this website to ensure the proper functioning of our website, to personalize content and ads, to offer social media features, and to analyze traffic to our website. We also share information about your use of our website with our social media, advertising and analytics partners. This also includes the creation of pseudonymous usage profiles. Our partners (Google LLC/ USA, Microsoft Corp./ USA) may combine this information with other data that you have provided to them (e.g. by means of a personal account) or which they have collected in the course of your use of the services (e.g. usage data of other devices). You can revoke your consent to the use of cookies and pixels at any time by clicking on the 'Adjust Cookie Preferences' button and making the appropriate adjustments there.

Range analysis with Matomo (formerly PIWIK)

This website uses Matomo, an open source statistical analysis software Visitor requests. Matomo usually uses cookies, d. H. Text files on your Access device are stored and give an analysis of the use enable the website. In the version used by one4vision, Matomo is NOT cookies used. For this purpose, the information collected by Matomo (including your abridged IP address) to the server hosting our website Stored for purposes of analysis. The server location is Germany. Your IP address will be instant anonymized after processing and prior to its storage. It will be 2 bytes of your IP address masked, which corresponds to the last six digits. The information collected by Matomo on your use of our website will not be disclosed to third parties passed. You can change the use of cookies by setting your preferences By the way, browsers allow us an improved evaluation of the anonymous information allowed.

No tracking because of disabled JavaScript or activated ad blocker.


When contacting us (using the contact form or via e-mail), you details will be processed in the context of your contact request and its execution pursuant to Art. 6 para. 1(b) GDPR.

Your information may be stored in our customer relationship management (CRM) system or comparable request set-up.

We delete requests once they are no longer needed. We review the need to store the data every two years. Requests from customers who have a customer account are stored permanently and will not be deleted until the customer account is deleted. If statutory archiving obligations apply, the data will be deleted once these obligations expire (end of commercial retention obligation (6 years) and end of fiscal retention obligation (10 years)).

Rights of data subjects

You have the right to request confirmation as to whether the relevant data is being processed and to request information about this data as well as further information and a copy of the data pursuant to Art. 15 GDPR.

You have the right to request that incomplete personal data be completed and rectification of inaccurate data concerning you pursuant to Art. 16 GDPR,.

You have the right to demand that relevant data be deleted immediately pursuant to Art. 17 GDPR or, alternatively, to demand a restriction of the processing of the data pursuant to Art. 18 GDPR.

You have the right to receive the personal data that you have provided to us pursuant to Art. 20 GDPR and to request its transmission to another controller.

You also have the right to file a complaint with the relevant supervisory authority pursuant to Art. 77 GDPR.

Data protection officer in Hesse

Prof. Dr. Alexander Roßnagel
Gustav-Stresemann-Ring 1
65189 Wiesbaden, Germany

Right to revoke consent: You have the right to revoke consent at any time with future effect pursuant to Art. 7 para. 3 GDPR.

Right to object: You have the right to object to the future processing of your personal data at any time pursuant to Art. 21 GDPR. You may object in particular to the processing of your personal data for direct marketing purposes.